Context Overload
Large issue lists overwhelm context windows, causing agents to lose track of what’s been fixed
Sheriff
An MCP server that turns static analysis reports into a managed work queue for AI agents — batching issues by file, tracking fixes, and persisting progress across sessions.
The Problem
Section titled “The Problem”AI agents can handle a handful of static analysis issues directly. But when reports grow to dozens or hundreds of issues, things break down:
Lost Progress
Work is lost on context compaction or session restart — there’s no external record of progress
Inefficient Navigation
Without batching, agents jump between files repeatedly, wasting tokens and missing issues
The Solution
Section titled “The Solution”Sheriff provides a work queue manager for AI agents fixing static analysis issues:
Intelligent Batching
Issues grouped by file for efficient fixing - fix all issues in one file before moving to the next
Persistent Progress
State survives compaction, restarts, and agent switches via embedded H2 database
Scope Filtering
Focus on specific rules, severities, or file patterns
Compact Responses
Minimal context usage with abbreviated field names
Supported Static Analysis Tools
Section titled “Supported Static Analysis Tools”Sheriff works with any tool that produces SARIF output:
| Tool | Language | SARIF Command |
|---|---|---|
| Qodana | Java/Kotlin/JS/Python | qodana scan (SARIF output is default) |
| Semgrep | Multi-language | semgrep --sarif -o results.sarif |
| ESLint | JavaScript/TypeScript | eslint --format @microsoft/sarif |
| CodeQL | Multi-language | Built-in SARIF output |
| SonarQube | Multi-language | Built-in SARIF export |
| SpotBugs | Java | spotbugs -sarif |
| Bandit | Python | bandit -f sarif |
| Checkov | IaC | checkov -o sarif |
| Trivy | Container/IaC | trivy --format sarif |
The Workflow
Section titled “The Workflow”- Run static analysis - Generate SARIF output from your tool of choice
- Load into Sheriff -
sheriff load target="results.sarif" - Get next file’s issues -
sheriff nextreturns a batch of issues from one file (default limit: 25) - Fix all issues in file - Edit the code to resolve each issue
- Mark as done -
sheriff done fps=[...] status="fixed" - Repeat - Until
remaining = 0
Quick Example
Section titled “Quick Example”User: "Fix all ConstantValue issues in my codebase"
Agent: sheriff load target="build/qodana/qodana.sarif.json" → 136 total issues, 22 ConstantValue, 15 unused...
Agent: sheriff next scope={rule: "ConstantValue"} → 3 issues in Service.java with code snippets
Agent: [reads Service.java, fixes all 3 issues]
Agent: sheriff done fps=["88d32cab35478753", "ab1c2d3e12345678", "f9e8d7c6a1b2c3d4"] status="fixed" → 3 marked fixed, 19 remaining
Agent: sheriff next scope={rule: "ConstantValue"} → 2 issues in Repository.java...
... continues until remaining = 0Next Steps
Section titled “Next Steps” Installation Download the JAR or use Docker
Agent Setup Configure Claude Code or other MCP clients
Tool Reference Learn all Sheriff actions and parameters
Best Practices Tips for efficient static analysis fixing
Requirements
Section titled “Requirements”Supported MCP Clients
Section titled “Supported MCP Clients”Sheriff works with any client that supports the Model Context Protocol:
| Client | Type | Notes |
|---|---|---|
| Claude Code | CLI | Anthropic’s official CLI |
| Claude Desktop | Desktop App | Anthropic’s desktop application |
| ChatGPT Desktop | Desktop App | OpenAI adopted MCP in March 2025 |
| Cursor | IDE | AI-native code editor |
| Windsurf | IDE | Codeium’s AI IDE |
| Zed | Editor | High-performance editor with MCP |
| Continue | VS Code Extension | Open-source AI assistant |
| Cline | VS Code Extension | Autonomous coding agent |
| Cody | Multi-platform | Sourcegraph’s AI assistant |